In the Claims: 



Please md a new Claim 49. 




l\ (Previously amended) A method for dynamically creating security keys for a 
subscriber Having at least one preexisting security credential set having at least one pre-existing 
cryptographic security key, comprising the steps of: 

proWing a configurable security key manifest operative to contain a non- 
prespecified number of security keys; and 

dynamically controlling, through a configured security key manifest, the 
generation of at least one new. security key for the subscriber based on received key attribute data 
contained in the configured secumy key manifest. 

2. (Original) The method of claim 1 including the step of generating a new 
public key pair for the subscriber based cm content of the configurable security key manifest. 

3. (Original) The method\of claim 1 including the step of receiving data 
representing desired new key attribute data b\ presenting a configxirable security key manifest 
template and receiving new key attribute data through the configurable security key manifest 
template. 

4. (Original) The method of claim K wherein the step of providing the 
configurable security key manifest operative to contain aiion-prespecified number of security 
keys includes storing a configured security key manifest for p[\sh based or pull based access by 
the subscriber. 

5. (Original) The method of claim 1 wherein tfte configured security key 
manifest includes updated data representing at least one of: key size, keV usage, key maintenance 
attributes, cryptographic algorithm used, subscriber identification data and authentication data. 
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(Original) The method of claim 1 including the steps of: 




generating an updated security key manifest as the configured security key 
manifest to contain data representing at least one of: key size, key usage, key maintenance 
attributes, cryptographic algorithm used, subscriber identification data and authentication data, 
for the at least one subscriber; and 

comparing uje updated security key manifest to the pre-existing credential set 
containing at least one pre-exi^ing cryptographic security key; and 

updating the pre-existing credential set based on the comparison. 

7. (Original) The method of claim 6 wherein the step of updating the pre- 
existing credential set includes the step) of generating a new public key pair for the subscriber 
based on content of the configurable security key manifest. 

8. (Original) The method orclaim 1 including the steps of: 

generating at least one new kej^ pair in response to content of the configured 
security key manifest; 

continuously analyzing the configurki security key manifest content, prior to 
using a security key pair to determine the suitable security keys necessary for a given operation. 

9. (Original) The method of claim 1 including the steps of: 
digitally signing the configured security key\nanifest by a trusted key manifest 

generator; 

receiving the digitally signed configured security k^ manifest; 
obtaining the pre-existing credential set; and 
prior to analyzing content of the configured security key manifest, verifying the 
digital signature of the digitally signed configured security key manifest) 
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10. (Original) The method of claim 6 wherein the step of comparing includes 
determining a difference in security key information between the updated security key manifest 
and the pre-existing cryptographic security key. 

x 

1 1 . (O^ginal) The method of claim 1 wherein the security key is a key pair and 
wherein the step o{ dynamically controlling the generation of the at least one security key 
includes dynamically\pntrolling the number of key pairs for a subscriber in response to content 
of the configured security ^key manifest. 

12. (Original) \The method of claim 6 wherein the step of updating the pre- 
existing credential set includess^enerating digitally signed data structures corresponding to at 
least one of a newly generated public key pair. 




13. (Original) The method of claim 1 wherein the at least one new security key is 
a symmetric key. 

14. (Original) The method of claim 3 wherein the data representing desired new 
key attribute data includes data representing at least one of : key size, key usage, key 
maintenance attributes, cryptographic algorithm used, subscriber identification data, 
authentication data. 

15. (Previously amended) A method for dynamically creating security keys for a 
subscriber having at least one preexisting security credential set having at least one pre-existing 
cryptographic security key, comprising the steps of: 

providing a configurable security key manifi^st operative to contain a non- 
prespecified nimaber of security keys; 

receiving, in response to providing the configurable security key manifest, data 
representing desired new key attribute data by presenting a configurable security key manifest 
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temp)kte and receiving new key attribute data through the configurable security key manifest 



template 



\ dynamically controlling, through a configured security key manifest, the 



generation of at least one new security key for a subscriber based on the received key attribute 
data, wherein the configured security key manifest is an updated security key manifest 
containing data representing at least one of: key size, key usage, key maintenance attributes, 
cryptographic algorithm used, subscriber identification data and authentication data; 

comparing^,^by the subscriber, the updated security key manifest to the pre- 
existing credential set confining at least one of: key size data, cryptographic algorithm 

\ 

designation data, key attribute ci's^ta and key usage data for; and 

\ 

updating, by the "Subscriber, the pre-existing credential set based on the 
comparison by generating at least oije new key for the subscriber based on content of the 
configurable security key manifest. 

16. (Original) The method Vf claim 15 wherein the step of providing the 
configurable security key manifest operative to contain a non-prespecified number of security 
keys includes storing the configured security key i^anifest for push based or pull based access by 
the subscriber. 

17. (Original) The method of claim 16. wherein the step of updating the pre- 
existing credential set includes the step of generating a n^w public key pair for the subscriber 
based on content of the configurable security key manifest. 

18. (Original) The method of claim 1 5 including^e steps of: 
generating at least one new key pair in response\to content of the configured 

security key manifest; and 
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continuously analyzing the configured security key manifest content, prior to 
using a securitylcey pair to determine the suitable security keys necessary for a given operation. 

19. (Ori^ inal) The method of claim 1 5 including the steps of: 

digitail^^ signing the configured security key manifest by a trusted key manifest 
generator; \^ 

receiving, )^y^t subscriber, the digitally signed configured security key manifest; 
obtaining, by tfie subscriber, the pre-existing credential set; and 
prior to analyzing^^ content of the configured security key manifest, verifying, by 
the subscriber, the digital signature\f the digitally signed configured security key manifest. 

20. (Original) The method of claim 15 v^herein the step of comparing includes 

\ 

determining a difference in security key i^ormation between the updated security key manifest 
and the pre-existing key data. 

21. (Original) The method of ctmm 15 wherein the security key is a key pair and 
wherein the step of dynamically controlling the. generation of the at least one security key 
includes dynamically controlling the number of key Wirs for a subscriber in response to content 
of the configured security key manifest. 

22. (Original) The method of claim 15 v^herein the step of updating the pre- 
existing credential set includes generating digitally signed data structures corresponding to at 
least one of a newly generated public key pair. 

23. (Original) The method of claim 15 wherein th^at least one new security key 
is a symmetric key. 

24. (Original) The method of claim 15 wherein the dataVepresenting desired new 
key attribute data includes data representing at least one of : key^ize, key usage, key 
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maintenance attributes, cryptographic algorithm used, subscriber identification data, 
authentication data. 

25. \ (Original) An apparatus for facilitating dynamic creation of security keys for 
a subscriber haying at least one preexisting security credential set having at least one pre-existing 
cryptographic security key, comprising: 

at leW one security key manifest analyzer operative to receive the at least one 
preexisting security credential set and operative to process a configured security key manifest; 
and 

at least one ^curity credential set generator operative to dynamically generate, 
from the configured security K&y manifest, at least one new security key for a subscriber based 
on received key attribute data contained in the configured security key manifest. 

26. (Original) The apbaratus of claim 25 including a cryptographic key generator 
operative to generate a new public key i^air for the subscriber based on content of the configured 
security key manifest. 

27. (Original) The apparatus \of claim 25 wherein the security key manifest 
analyzer compares an updated security key manifest to the pre-existing credential set containing 
at least one pre-existing cryptographic security \ey; and wherein the at least one security 
credential set generator facilitates updating of the\pre-existing credential set based on the 
comparison. 

28. (Original) The apparatus of 27 whereinNthe at least one security credential set 
generator generates a new public key pair for the subscriber >^ased on content of the configured 
security key manifest. 



CHICAGO/# 1095872.1 



7 



2$. (Original) The apparatus of claim 25 wherein the security key analyzer 
continuou^y analyzes the configured security key manifest content and wherein the key manifest 
analyzer is used to determine the suitable security keys necessary for a given operation. 

30. VOriginal) The apparatus of claim 25 wherein the security key manifest 
analyzer receives, the digitally signed configured security key manifest, obtains the pre-existing 
credential set; and f)rior to analyzing content of the configured security key manifest, verifying 
the digital signature or\the digitally signed configured security key manifest. 

31. (Original)\ The apparatus of claim 30 wherein the key manifest analyzer 
determines a difference in security key information between the updated security key manifest 
and the pre-existing key data. 

32. (Original) Th^\^paratus of claim 25 wherein the security key is a key pair 
and wherein the security credential generator generates a number of key pairs for a subscriber in 
response to content of the configured sQcurity key manifest. 

33. (Original) The apparatus of claim 27 wherein the step of 

updating the pre-existing credential set includes generating digitally signed data 

structures corresponding to at least one of a new^y generated public key pair. 

\ 

34. (Original) The apparatus of c^im 25 wherein the at least one new security 
key is a symmetric key. 

35. (Original) The apparatus of claim ^25 wherein the data representing desired 
new key attribute data includes data representing at least one of : key size, key usage, key 
maintenance attributes, cryptographic algorithm usei^, subscriber identification data, 
authentication data. 
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36l (Original) An apparatus for facilitating dynamic creation of security keys for 
a subscriber having at least one preexisting security credential set having at least one pre-existing 
cryptographic security key, comprising: 

t least one key manifest generator that provides the configurable security key 
manifest operative to contain a non-prespecified number of security keys, 

wherein the key manifest generator receives data representing desired new key 
attribute data by preseming a configurable security key manifest template and receiving new key 
attribute data through theVonfigurable security key manifest template. 

37. (Original) \The apparatus of claim 36 including storage operative for storing a 
QJ^^O configured security key manifek for push based or pull based access by the subscriber. 

38. (Original) TheXapparatus of claim 36 wherein the configured security key 
manifest includes updated data representing at least one of: key size, key usage, key maintenance 
attributes, cryptographic algorithm useov subscriber identification data and authentication data. 

39. (Previously amended) The Apparatus of claim 36 including a trusted key manifest 
generator operatively responsive to digitally sign the configured security key manifest. 

40. (Original) The apparatus olf claim 36 including at least one security key 
manifest analyzer operative to receive the at lea^t one preexisting security credential set and 
operative to process a configured security key manifest; and 

at least one security credential set generator operative to dynamically generate, 
from the configured security key manifest, at least one ritew security key for a subscriber based 
on received key attribute data contained in the configured security key manifest. 
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41 (Original) The apparatus of claim 40 including a cryptographic key generator 
operative to generate a new public key pair for the subscriber based on content of the configured 
^ security key maii^est. 

42. (Original) The apparatus of claim 40 wherein the security key manifest 
analyzer compares aii updated security key manifest to the pre-existing credential set containing 
at least one pre-existing cryptographic security key; and wherein the at least one security 



'y \ 

credential set generator facilitates updating of the pre-existing credential set based on the 



companson. 

43. (Original) The^^paratus of 42 wherein the at least one security credential set 
generator generates a new public key\pair for the subscriber based on content of the configured 
security key manifest. 

44. (Original) A method for^^dynamically creating security keys for a subscriber 
comprising the steps of: 

providing a configurable securityXkey manifest operative to contain a non-pre- 
specified number of security keys; and 

dynamically controlling, through a cc^nfigured security key manifest, initial 
generation of at least one security key for the subscrib^^ based on received key attribute data 
contained in the configured secured key manifest. 

45. (Original) The method of claim 44 including the step of generating a new 
public key pair for the subscriber based on content of the configurable security key manifest. 

46. (Original) The method of claim 44 including ^^e step of receiving data 
representing desired new key attribute data by presenting a configurable security key manifest 
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template and receiving new key attribute data through the configurable security key manifest 
template. 

47. \ (Original) The method of claim 44 wherein the step of providing the 
configurable SMurity key manifest operative to contain a non-prespecified number of security 
keys includes storijig a configured security key manifest for push based or pull based access by 
the subscriber. 

48. (OriginalX The method of claim 44 wherein the configured security key 
manifest includes updated data representing at least one of: key size, key usage, key maintenance 
attributes, cryptographic algorism used, subscriber identification data and authentication data. 

49. (New) A method dynamically creating security keys for a subscriber having at 
least one preexisting security credential set having at least one pre-existing cryptographic 
security key, comprising the steps of: 

providing a configurable ^curity key manifest operative to contain a non- 
prespecified number of security keys; 

receiving data representing desired new key attribute data by presenting a 
configurable security key manifest template and receiving new key attribute data through the 
configurable security key manifest template; 

dynamically controlling, through a cohfigured security key manifest, the 
generation of at least one new security key for the subscriber^ased on received key attribute data 
contained in the configured security key manifest; and 

storing the configured security key manifest for pii^h based or pull based access 
by the subscriber. 
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